STIGQter STIGQter: STIG Summary: IBM DB2 V10.5 LUW Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 25 Oct 2019: DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

DISA Rule

SV-89269r1_rule

Vulnerability Number

V-74595

Group Title

SRG-APP-000383-DB-000364

Rule Version

DB2X-00-008300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Use the following commands to set the protocol and ports as per PPSM guidance:

$db2 update dbm cfg using svcename [service_name | port_number]

$db2 update dbm cfg using ssl_svcename [ssl_service_name | port_number]


Note: http://www.ibm.com/support/knowledgecenter/en/SSEPGG_10.5.0/com.ibm.db2.luw.admin.sec.doc/doc/t0025241.html

Check Contents

Run the following command to find the value of the network service:

$db2 get dbm cfg

TCP/IP Service name (SVCENAME)
SSL service name (SSL_SVCENAME)

If the port numbers are not specified, look for the port numbers in services file and find the port numbers defined for the TCP/IP service name and SSL service name (SVCENAME, SSL_SVCENAME) above.

Default Location for services file:
Windows Service File: %SystemRoot%\system32\drivers\etc\services
UNIX Services File: /etc/services

If the network protocols and ports found in previous step are not in as per PPSM guidance, this is a finding.

Vulnerability Number

V-74595

Documentable

False

Rule Version

DB2X-00-008300

Severity Override Guidance

Run the following command to find the value of the network service:

$db2 get dbm cfg

TCP/IP Service name (SVCENAME)
SSL service name (SSL_SVCENAME)

If the port numbers are not specified, look for the port numbers in services file and find the port numbers defined for the TCP/IP service name and SSL service name (SVCENAME, SSL_SVCENAME) above.

Default Location for services file:
Windows Service File: %SystemRoot%\system32\drivers\etc\services
UNIX Services File: /etc/services

If the network protocols and ports found in previous step are not in as per PPSM guidance, this is a finding.

Check Content Reference

M

Target Key

3161

Comments